(RHSA-2022:5068) Moderate: OpenShift Container Platform 4.11.0 packages and security update

2022-08-1009:13:55

access.redhat.com

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.005 Low

EPSS

Percentile

75.4%

JSON

Red Hat OpenShift Container Platform is Red Hat’s cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.

Security Fix(es):

ignition: configs are accessible from unprivileged containers in VMs running on VMware products (CVE-2022-1706)
prometheus/client_golang: Denial of service using InstrumentHandlerCounter (CVE-2022-21698)
golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
runc: incorrect handling of inheritable capabilities (CVE-2022-29162)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8noarchpython3-pint< 0.10.1-3.el8python3-pint-0.10.1-3.el8.noarch.rpm
RedHat8s390xopenvswitch2.17-devel< 2.17.0-22.el8fdpopenvswitch2.17-devel-2.17.0-22.el8fdp.s390x.rpm
RedHat8ppc64leopenvswitch2.17< 2.17.0-22.el8fdpopenvswitch2.17-2.17.0-22.el8fdp.ppc64le.rpm
RedHat8ppc64lepodman-gvproxy-debuginfo< 4.0.2-6.rhaos4.11.el8podman-gvproxy-debuginfo-4.0.2-6.rhaos4.11.el8.ppc64le.rpm
RedHat8noarchpython3-wcwidth< 0.1.7-15.el8python3-wcwidth-0.1.7-15.el8.noarch.rpm
RedHat8x86_64ovn22.06-host-debuginfo< 22.06.0-27.el8fdpovn22.06-host-debuginfo-22.06.0-27.el8fdp.x86_64.rpm
RedHat8aarch64openvswitch2.17-debuginfo< 2.17.0-22.el8fdpopenvswitch2.17-debuginfo-2.17.0-22.el8fdp.aarch64.rpm
RedHat8ppc64lerunc-debugsource< 1.1.2-1.rhaos4.11.el8runc-debugsource-1.1.2-1.rhaos4.11.el8.ppc64le.rpm
RedHat8x86_64python-yappi-debugsource< 1.0-3.el8python-yappi-debugsource-1.0-3.el8.x86_64.rpm
RedHat8ppc64lelibsodium-static< 1.0.16-5.el8libsodium-static-1.0.16-5.el8.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	noarch	python3-pint	< 0.10.1-3.el8	python3-pint-0.10.1-3.el8.noarch.rpm
RedHat	8	s390x	openvswitch2.17-devel	< 2.17.0-22.el8fdp	openvswitch2.17-devel-2.17.0-22.el8fdp.s390x.rpm
RedHat	8	ppc64le	openvswitch2.17	< 2.17.0-22.el8fdp	openvswitch2.17-2.17.0-22.el8fdp.ppc64le.rpm
RedHat	8	ppc64le	podman-gvproxy-debuginfo	< 4.0.2-6.rhaos4.11.el8	podman-gvproxy-debuginfo-4.0.2-6.rhaos4.11.el8.ppc64le.rpm
RedHat	8	noarch	python3-wcwidth	< 0.1.7-15.el8	python3-wcwidth-0.1.7-15.el8.noarch.rpm
RedHat	8	x86_64	ovn22.06-host-debuginfo	< 22.06.0-27.el8fdp	ovn22.06-host-debuginfo-22.06.0-27.el8fdp.x86_64.rpm
RedHat	8	aarch64	openvswitch2.17-debuginfo	< 2.17.0-22.el8fdp	openvswitch2.17-debuginfo-2.17.0-22.el8fdp.aarch64.rpm
RedHat	8	ppc64le	runc-debugsource	< 1.1.2-1.rhaos4.11.el8	runc-debugsource-1.1.2-1.rhaos4.11.el8.ppc64le.rpm
RedHat	8	x86_64	python-yappi-debugsource	< 1.0-3.el8	python-yappi-debugsource-1.0-3.el8.x86_64.rpm
RedHat	8	ppc64le	libsodium-static	< 1.0.16-5.el8	libsodium-static-1.0.16-5.el8.ppc64le.rpm